php — Zastąpienie mysql_escape_string w niestandardowej wtyczce podczas przechodzenia na PHP7
Mam niestandardową wtyczkę opracowaną dla witryny WordPress, która jest internetową społecznością samochodową na php5.6. Pierwotnie nie rozwijałem witryny, ale teraz jestem jej opiekunem. Mam ograniczoną wiedzę programistyczną. Moja wtyczka ma około 6 linii w różnych miejscach, takich jak te:
$title = mysql_escape_string(stripslashes($_POST['title']));
$content = mysql_escape_string(stripslashes($_POST['article']));
return mysql_escape_string(stripslashes($_POST[$value]));
Muszę przejść na PHP7, ale oczywiście jest to przestarzała i przestarzała metoda interakcji z bazą danych.
Chciałbym, aby ktoś pomógł mi zaproponować najczystszy i najbardziej niezawodny sposób zastąpienia tej dokładnej linii zapytaniem wpdb lub metodą esq_sql. Widziałem to w wielu artykułach, ale nie znam poprawnej składni ani implikacji bezpieczeństwa, biorąc pod uwagę, że moje wiersze mają tam również „stripslashes”.
Z góry dziękuję.
Przykładowe linie wewnątrz funkcji mojej wtyczki są następujące:
function getPostValueOrNothing($value) {
if (isset($_POST[$value])) {
return mysql_escape_string(stripslashes($_POST[$value]));
} else {
return "";
}
}
i możesz zobaczyć powtarzającą się zależność od tego w następującym fragmencie:
<?php global $post;
$author_id = bp_displayed_user_id();
$user = get_user_by('id', $author_id);
if (is_user_logged_in() && $author_id == get_current_user_id() && isset($_POST['userpinfield'])) {
if ($_POST['userpinfield'] != "") {
echo "<p>Validation error</p>";
} else {
$post_id = -1;
$attach_id = -1;
$meta_key = "car_id";
$title = getPostValueOrNothing('title');
$content = $_POST['article'];
$year = getPostValueOrNothing('year');
$pdate = getPostValueOrNothing('pdate');
$reg = getPostValueOrNothing('reg');
$commNo = getPostValueOrNothing('commNo');
$engineNo = getPostValueOrNothing('engineNo');
$vin = getPostValueOrNothing('vin');
$colour = getPostValueOrNothing('colour');
$ccolour = getPostValueOrNothing('to_close_colour');
$mileage = getPostValueOrNothing('mileage');
$location = getPostValueOrNothing('location');
if (isset($_POST['post_id']) && $_POST['post_id'] == -1) {
if (null == get_page_by_title($title)) {
$slug = str_replace(" ", "-", strtolower($title));
} else {
$titleSlug = $title . "" . rand(1, 9);
while (null != get_page_by_title($title)) {
$titleSlug = $titleSlug . "" . rand(1, 9);
}
$slug = str_replace(" ", "-", strtolower($titleSlug));
}
//Generate post
$post_id = wp_insert_post(
array(
'comment_status' => (!empty($_POST['comment_status']))? $_POST['comment_status'] : 'closed',
'ping_status' => 'closed',
'post_author' => $author_id,
'post_name' => $slug,
'post_title' => $title,
'post_content' => $content,
'post_status' => 'publish',
'post_type' => 'to_car'
)
);
//Generate Topic post
$topic_id = wp_insert_post(
array(
'comment_status' => 'closed',
'ping_status' => 'closed',
'post_author' => $author_id,
'post_name' => $slug . 'topic',
'post_title' => $title,
'post_content' => $content,
'post_status' => 'publish',
'comment_stattus' => 'open',
'post_type' => 'topic'
)
);
add_post_meta($topic_id, $meta_key, $post_id);
add_post_meta($topic_id, '_bbp_forum_id', $topic_id);
add_post_meta($topic_id, '_bbp_topic_id', $topic_id);
add_post_meta($topic_id, '_bbp_last_active_time', date('Y-m-d H:m:s'));
add_post_meta($topic_id, '_bbp_author_ip', $_SERVER['REMOTE_ADDR']);
add_post_meta($post_id, 'topic_id', $topic_id);
add_post_meta($post_id, 'to_year', $year);
add_post_meta($post_id, 'to_vin', $vin);
add_post_meta($post_id, 'to_comm', $commNo);
add_post_meta($post_id, 'to_engine_no', $engineNo);
add_post_meta($post_id, 'to_reg', $reg);
add_post_meta($post_id, 'to_date', $pdate);
add_post_meta($post_id, 'to_mileage', $mileage);
add_post_meta($post_id, 'to_colour', $colour);
add_post_meta($post_id, 'to_close_colour', $ccolour);
add_post_meta($post_id, 'to_views', 0);
if (!function_exists('media_handle_upload')) {
require_once(ABSPATH . "wp-admin" . '/includes/image.php');
require_once(ABSPATH . "wp-admin" . '/includes/file.php');
require_once(ABSPATH . "wp-admin" . '/includes/media.php');
}
if ($_FILES) {
foreach ($_FILES as $file => $array) {
if ($_FILES['feature']['error'] !== UPLOAD_ERR_OK) {
if ($_FILES['feature']['error'] != 4) {
echo "upload error : " . $_FILES['feature']['error'];
}
} else {
$attach_id = media_handle_upload('feature', $post_id);
}
}
}
if ($attach_id > 0) {
update_post_meta($post_id, '_thumbnail_id', $attach_id);
}
$terms = get_terms('to_make');
if ($terms) {
foreach ($terms as $term) {
$modelValue = getPostValueOrNothing('model' . $term->term_id);
if ($modelValue != "") {
update_post_meta($post_id, 'to_model', $modelValue);
break;
}
}
}
$post = get_post($post_id);
$dummyUrl = plugins_url('/imgs/noCar.png', __FILE__);
$html="<div><span>Added a new Car</span></div><div><a href="" . get_bloginfo('url') . '/to-car/' . $post->post_name . '">';
if (has_post_thumbnail()) {
$html .= '<img src="' . get_the_post_thumbnail_url(get_the_ID(), 'thumbnail') . '" title="' . get_the_title() . '" alt="' . get_the_title() . '" />';
}else{
$html .= '<img src="' . $dummyUrl . '" title="' . get_the_title() . '" alt="' . get_the_title() . '" />';
}
$html .= '<div><span>' . get_the_title() . '</span></div>';
$html .= '</a></div>';
bp_fmsu_generate_activity($author_id, $slug, $html);
echo "<p>Car Saved!</p>";
} else {
$post_id = mysqli_real_escape_string(stripslashes($_POST['post_id']));
if (is_nan($post_id)) {
echo "Unable to update the classified posting";
} else {
$current_item = array(
'ID' => $post_id,
'post_title' => $title,
'post_content' => $content,
'comment_status' => (!empty($_POST['comment_status']))? $_POST['comment_status'] : 'closed',
);
wp_update_post($current_item, true);
if (is_wp_error($post_id)) {
$errors = $post_id->get_error_messages();
foreach ($errors as $error) {
echo $error;
}
} else {
update_post_meta($post_id, 'to_year', $year);
update_post_meta($post_id, 'to_vin', $vin);
update_post_meta($post_id, 'to_comm', $commNo);
update_post_meta($post_id, 'to_engine_no', $engineNo);
update_post_meta($post_id, 'to_reg', $reg);
update_post_meta($post_id, 'to_date', $pdate);
update_post_meta($post_id, 'to_mileage', $mileage);
update_post_meta($post_id, 'to_colour', $colour);
update_post_meta($post_id, 'to_close_colour', $ccolour);
update_post_meta($post_id, 'to_views', 0);
//Generate Topic post
if (!function_exists('media_handle_upload')) {
require_once(ABSPATH . "wp-admin" . '/includes/image.php');
require_once(ABSPATH . "wp-admin" . '/includes/file.php');
require_once(ABSPATH . "wp-admin" . '/includes/media.php');
}
if ($_FILES) {
foreach ($_FILES as $file => $array) {
if ($_FILES['feature']['error'] !== UPLOAD_ERR_OK) {
if ($_FILES['feature']['error'] != 4) {
echo "upload error : " . $_FILES['feature']['error'];
}
} else {
echo "file uploaded";
$attach_id = media_handle_upload('feature', $post_id);
}
}
}
if ($attach_id > 0) {
update_post_meta($post_id, '_thumbnail_id', $attach_id);
}
$post = get_post($post_id);
$dummyUrl = plugins_url('/imgs/noCar.png', __FILE__);
$html="<div><span>Updated a Car</span></div><div><a href="" . get_the_permalink() . '">';
if (has_post_thumbnail()) {
$html .= '<img src="' . get_the_post_thumbnail_url(get_the_ID(), 'thumbnail') . '" title="' . get_the_title() . '" alt="' . get_the_title() . '" />';
} else{
$html .= '<img src="' . $dummyUrl . '" title="' . get_the_title() . '" alt="' . get_the_title() . '" />';
}
$html .= '<div><span>' . get_the_title() . '</span></div>';
$html .= '</a></div>';
bp_fmsu_generate_activity($author_id, $slug, $html);
echo '<p class="ajaxmessage">Car updated!</p>';
}
}
}
}
}
?>
